[Standards-JIG] proposed In-Band Registration revisions

Peter Saint-Andre stpeter at jabber.org
Wed Dec 7 22:20:09 UTC 2005

Several implementors have mentioned to me before that they consider the 
password change and deregistration use cases in JEP-0077 to be insecure 
since the old password is not required in order to complete them. (What 
if someone uses your computer while you step away for a minute and 
changes your password?) Therefore I have added some optional protocol 
flows to JEP-0077, using Data Forms to require additional information 
before allowing a password change or deregistration. As with the 
JEP-0071 changes, these revisions are provisional and need to be 
approved by the Jabber Council.

CVS Modifications: 

Rendered version: http://www.jabber.org/jeps/tmp/jep-0077-2.2.html

Feedback is welcome as always.


Peter Saint-Andre
Jabber Software Foundation
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3641 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.jabber.org/pipermail/standards/attachments/20051207/69f5d321/attachment.bin>

More information about the Standards mailing list